Canada Rules That Grok’s AI-Generated Explicit Deepfakes Violate Privacy Law

Canada’s Privacy Commissioner Philippe Dufresne released findings on June 11, concluding that xAI’s Grok chatbot and the social media platform X (formerly Twitter), both owned by Elon Musk, violated Canada’s federal privacy laws. The investigation revealed that earlier this year, users globally generated more than 1.8 million non-consensual sexually explicit deepfake images using Grok in just 10 days. The commissioner noted that while the companies introduced some safeguards after the investigation began, the issue is far from resolved. Grok’s image generation tool launched without adequate protective measures, failing to account for potential privacy harms.

The investigation followed similar probes launched earlier in the UK and California. Dufresne stated that X and xAI have made compliance commitments but have not yet met the required standards. He emphasized that the case underscores the urgent need to update Canada’s privacy laws, granting regulators the authority to issue fines and binding orders. Meanwhile, Canada’s Liberal government introduced the Safe Social Media Act on Wednesday, requiring platforms to remove sexually explicit material, including AI-generated content, within 24 hours, and plans to criminalize the sharing of such deepfake images.

Analysis: As AI image generation technology becomes more widespread, regulators worldwide are tightening oversight. The Grok incident shows that tech companies that skip privacy impact assessments before launching products will face increasingly severe legal consequences. Going forward, embedding “abuse-resistant” mechanisms into product design may become a mandatory prerequisite for AI applications, not an afterthought.